Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
53
41%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agent/skills/red-team-tactics/SKILL.md
Quality
Discovery
32%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear security domain (red teaming with MITRE ATT&CK) but remains too high-level and lacks explicit trigger guidance. It would benefit from concrete action verbs and a 'Use when...' clause to help Claude distinguish this skill from other security-related skills.
Suggestions
Add a 'Use when...' clause with explicit triggers like 'Use when the user asks about adversary simulation, penetration testing, ATT&CK techniques, or offensive security assessments'.
Replace abstract categories with specific actions such as 'Map attack techniques to MITRE ATT&CK framework, plan adversary emulation exercises, document findings with ATT&CK IDs'.
Include common user terminology variations: 'pen testing', 'TTPs', 'threat emulation', 'offensive security', 'adversary tactics'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (red team tactics, MITRE ATT&CK) and mentions some actions (attack phases, detection evasion, reporting), but these are high-level categories rather than concrete specific actions like 'simulate phishing attacks' or 'map vulnerabilities to ATT&CK techniques'. | 2 / 3 |
| Completeness | Describes what the skill covers at a high level but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, missing explicit trigger guidance caps this at 2, but the 'what' is also weak, warranting a 1. | 1 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'red team', 'MITRE ATT&CK', 'detection evasion', and 'reporting', but misses common variations users might say such as 'penetration testing', 'adversary simulation', 'threat emulation', 'TTPs', or 'offensive security'. | 2 / 3 |
| Distinctiveness Conflict Risk | The MITRE ATT&CK reference provides some distinctiveness from generic security skills, but 'attack phases' and 'reporting' are vague enough to potentially overlap with other security, threat intelligence, or compliance skills. | 2 / 3 |
| Total | 7 / 12 Passed | |
Implementation
50%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a well-organized conceptual overview of red team tactics with excellent conciseness through effective use of tables. However, it lacks actionability - there are no concrete commands, tool examples, or executable guidance. It reads more like a reference taxonomy than an operational skill that would help Claude perform red team activities.
Suggestions
Add concrete tool examples for each phase (e.g., specific nmap commands for recon, impacket commands for lateral movement, bloodhound queries for AD attacks)
Include executable code snippets or command templates that Claude can adapt, rather than just describing technique categories
Add validation checkpoints to the reporting section (e.g., 'Before submitting report, verify: [] All actions timestamped, [] Screenshots captured, [] Scope boundaries documented')
Consider splitting detailed technique references (AD attacks, privilege escalation checks) into separate files with specific tooling guidance
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and well-organized using tables and bullet points. It assumes Claude understands security concepts and doesn't waste tokens explaining what MITRE ATT&CK is or basic terminology. | 3 / 3 |
| Actionability | The skill describes concepts and categories but provides no executable commands, code examples, or specific tools. It's entirely descriptive rather than instructive - telling what to consider rather than how to do it. | 1 / 3 |
| Workflow Clarity | The attack lifecycle diagram shows clear sequencing, and reporting section has numbered steps. However, there are no validation checkpoints, feedback loops, or concrete verification steps for any phase of the engagement. | 2 / 3 |
| Progressive Disclosure | Content is well-structured with clear sections and tables, but it's a monolithic document with no references to external files for detailed techniques, tool usage, or examples that would benefit from separation. | 2 / 3 |
| Total | 8 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| Total | 10 / 11 Passed | |